Current Behavior
The OWASP dependency check tool reports a known vulnerability in the @nx/web@18.0.7 package.
Vuln: CVE-2022-43604.
There is an issue on the http-server project side: http-party/http-server#860 which is still open.
Expected Behavior
The package should not have any known vulnerabilities, especially none with Base Score: CRITICAL (9.8).
GitHub Repo
No response
Steps to Reproduce
Have an nx workspace where the following dependency is present in the package.json: "@nx/webpack": "18.0.7"
Perform an OWASP dependency check vulnerability scan.
Inspect the report of the scan --> The project contains known vulnerabilities in sub dependencies. With the help of npm ls I could see where the vulnerable package came from:
username@pc-name % npm ls opener
@app/source@0.0.0
└─┬ @nx/web@18.0.7
  └─┬ http-server@14.1.1
    └── opener@1.5.2
Nx Report
Failure Logs
No response
Package Manager Version
No response
Operating System
Additional Information
No response
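An added example, not part of the original issue or of the Nx or http-server projects: a small Node.js helper that walks the JSON form of the `npm ls` output shown above (`npm ls opener --json`) and lists every chain from the workspace root to a flagged package, grouped by the direct dependency that pulls it in. The sample tree is constructed from the names and versions in the issue, and the function names are hypothetical.

```javascript
// Constructed sample: the shape `npm ls opener --json` prints for the tree
// shown in the issue (names and versions taken from the issue text).
const sampleNpmLs = {
  name: "@app/source",
  version: "0.0.0",
  dependencies: {
    "@nx/web": {
      version: "18.0.7",
      dependencies: {
        "http-server": {
          version: "14.1.1",
          dependencies: { opener: { version: "1.5.2" } },
        },
      },
    },
  },
};

// Walk the nested `dependencies` maps and return every chain from the
// workspace root to `target` (hypothetical helper, not an npm API).
function findDependencyPaths(tree, target) {
  const paths = [];
  const walk = (node, name, trail) => {
    const here = [...trail, `${name}@${node.version ?? "unknown"}`];
    if (name === target && trail.length > 0) paths.push(here);
    for (const [depName, dep] of Object.entries(node.dependencies ?? {})) {
      walk(dep, depName, here);
    }
  };
  walk(tree, tree.name ?? "(root)", []);
  return paths;
}

// Group the chains by the direct dependency responsible, which is the
// package that has to be upgraded, replaced, or overridden.
function directDependenciesFor(tree, target) {
  const byDirect = new Map();
  for (const path of findDependencyPaths(tree, target)) {
    const direct = path[1]; // path[0] is the workspace root itself
    byDirect.set(direct, [...(byDirect.get(direct) ?? []), path.join(" > ")]);
  }
  return byDirect;
}

for (const [direct, chains] of directDependenciesFor(sampleNpmLs, "opener")) {
  console.log(`${direct} brings in:`);
  chains.forEach((chain) => console.log(`  ${chain}`));
}
```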